Denial of Service (DoS) attack and Distributed Denial of Service (DDoS) attack are a kind of network attack that prevents legitimate users from accessing the service normally. The essence of DoS/DDoS attack is to send a large number of useless messages to the target to occupy the target bandwidth and host resources, thus result in a huge malicious traffic attack. In order to ensure the network security and the normal operation of the service, an accurate and timely attack detection is essential.
The conventional method of detecting DoS/DDoS attack is to set a fixed traffic threshold based on experience, and when the traffic exceeds the set traffic threshold, the traffic is cleaned. The simple attack detection method based on the fixed traffic threshold is likely to encounter a undetected attack and an error-detected attack, which results in some issues, such as unstable service platform service caused by unnecessary cleaning of normal traffic, and malicious consumption of resources or even paralyzed system caused by undetected attack.